Politicians Still Underestimate Smart Cars’ Threat to Privacy

Posted on Nov 8, 2022 by Glyn Moody

It was three years ago that we blog wrote about the privacy problems raised by “smartphones on wheels” – the fact that today’s vehicles contain powerful computer systems and a wide range of sensors that are constantly sending back data to manufacturers. The politicians are finally starting to wake up to the threat.

Elizabeth Warren, the US senator from Massachusetts, has sent a six-page letter to the top anti-trust enforcers in the US – Lina Khan, chair of the Federal Trade Commission, and Jonathan Kanter, who heads up the antitrust division of the Justice Department. In it, Warren expresses her “serious concern” about emerging competition and consumer protection issues in the world of smart vehicles:

Big Tech is setting itself up to be a one-stop shop for automakers – for everything from data collection, cloud storage, and analytics to in-car navigation to voice assistants to autonomous driving capabilities. To achieve this dominance, Google, Apple, and Amazon are leveraging their market power in the mobile operating system, digital app markets, and data infrastructure spheres to become the dominant players in the automotive sphere.

The Elephant in the Car

Warren makes a good point, but the problem is still much bigger than this indicates. Even without “Big Tech” moving into this sector, there are already large numbers of companies that are gathering and using highly personal data generated when people drive their vehicles. The most complete and up-to-date review of the situation is “Wiretap on Wheels“, put together by the Surveillance Technology Oversight Project (STOP, report also available as a PDF) which summarizes things as follows:

Modern cars collect a huge amount of data, stored indefinitely onboard and in the cloud. The data tracks not just the car, but its occupants: it records our location history, phone contents (contacts, emails, texts, tweets, social media feeds), voice recordings, weight, and other biometric data. If this sounds creepily expansive, it is. Car data often is collected for the benefit of manufacturers, not drivers.

Our information fuels a billion-dollar industry centered on subscription services and on selling drivers’ data to third parties, including law enforcement. Many cars on the road feed this industry: 84 million connected cars beamed data to manufacturers and other companies in the U.S. in 2021. Drivers can refuse some data collection, but saying “no” often comes at the cost of passenger safety: no data, no emergency roadside service or built-in navigation tools.

What Personal Data Do Cars Collect?

There are three main sources of personal information on cars. One is the old “black box” that continuously monitors a vehicle so that investigators can review key information after an accident. These black boxes have been around for many years, and are now nearly ubiquitous, but store relatively little data – typically just 30 seconds of information around a serious event, such as a crash.

Much more problematic are the telematic systems. These are what makes today’s vehicles smartphones on wheels, as they generate and record a wide variety of information from sensors built into the vehicles:

  • vehicle faults
  • diagnostics
  • fuel consumption
  • braking and acceleration
  • usage of headlights and windscreen wipers
  • whether the driver’s door is opened or closed

Then, there’s also the constant data flow about the state of the vehicle, information about the driver, including location data and driving habits. It is the last aspect that is particularly concerning: advanced features are constantly being added that provide even more granular details about our lives, revealed through our daily use of vehicles.

For example, systems that monitor and warn of driver drowsiness and distraction are mandatory in the EU starting with this year. Similar legislation has been proposed in the US. Radar technology can be used to track passengers, as well as the driver, even measuring their heart beat through their chest movements. Last year Tesla was granted a waiver by the FCC to use radar sensors to monitor for children left in dangerously hot cars. More advanced systems based around artificial intelligence aim to assess the emotional and mental state of the driver, and what is happening generally inside a vehicle.

Law enforcement will know what’s in your trunk before they stop you

The third source of personal data within cars is the infotainment system. As the STOP report explains:

If you use your infotainment system to text, make a call, send email, check social media or browse the web, the system stores the content and data associated with those actions on the car. Anyone who uses an infotainment system to access the car’s built-in apps, such as navigation services, shares their location history, voice commands, and any passwords they use with the car. The resulting data is stored on the car’s infotainment system and shared with vehicle manufacturers, rental companies, infotainment providers, and app companies in accordance with their business policies.

Your Car Data Can Be Used Against You

Unsurprisingly, law enforcement agencies in many countries are drawing on this threefold treasure-trove of personal car data when conducting their enquiries, and convictions have been obtained based on it.

There are ports on most modern vehicles that are specifically designed to make it easy to download all the telematic data, and there are forensic tools that the police can use to do this without asking the manufacturer to help. In addition, a new class of car data aggregators, sometimes known as vehicle data hubs, are generally willing to sell access to the police and to others.

It’s good to see Senator Warren raising awareness about the emerging consumer threats from these smartphones on wheels, but her focus on “Big Tech” is far too narrow: the entire ecosystem of vehicle data needs to be investigated.

Some companies recognize that privacy is a key aspect of this new data flood, and there are apps that help minimize the threat from in-car surveillance. But the real solution is to bring in targeted legislation that puts drivers back in the driver’s seat when it comes to digital privacy.

Featured image created with Stable Diffusion.